Cyber security predictions for 2023
The third decade of the 21st century is certainly competing to meet the parameters of the phrase “interesting times” from a Chinese proverb. From “new normal” through “next normal” and the Ukrainian war… all the way to 2023. The word of 2022 was “permacrisis” describing a permanent crisis. And while it’s hard for us to prejudge the “permanence” of the current crisis, from a macroeconomic perspective there is uncertainty in the markets. This uncertainty is related to three areas:
- Rising inflation and interest rates
- Rising energy and energy commodity prices
- Problems with supply chains in many industries
And how does this translate into cyber security? Significantly – after all, digitization has affected processes in all of the above problematic areas. In 2023, the surface and scale of attacks will continue to increase uninterruptedly – in line with the trend so far. What will change is the available resources (budgets) that companies will devote to securing their IT resources.
Here are STINET’s 7 predictions for 2023:
Increased investment in IT security at operational technology companies (power plants, gas distribution, etc.) – due to global energy issues, distribution and production companies will face two challenges related to energy shortages:
– the need to optimize energy management (may lead to mergers with IT)
– greater losses caused by attacks on OT infrastructure
Given the above, we can expect interest in IT Security solutions from representatives of the aforementioned industries.
Vendor consolidation driven by economic uncertainty – Gartner has been talking for some time about changing the trend of “many best-in-class point products” to a trend of “one technology sufficiently protecting all key attack surfaces.” Vendors support the unification trend by creating architectures like XDR or SASE – but these are typically economic issues, such as:
– reduced workload on employees, thanks to unified reporting and consoles
– easier purchasing and renewal process
– internal integrations to facilitate the development of cyber security infrastructure
…will intensify interest in consolidating products under the umbrella of a single vendor.
MSPs increase adoption of managed cyber security services – due to the cost of services, their implementation but most importantly their subsequent maintenance, MSPs will consider outsourcing cyber security services. This is derived from a point about economic uncertainty – the managed services model avoids large capital expenditures and potential losses associated with the departure of trained personnel.
There is growing interest in security solutions in the SaaS model – mainly through the transfer of solution maintenance costs to the vendor, high availability SLAs and the lack of need to backhaul Internet and email traffic…. But also because of the greater availability of IT staff familiar with operating cloud solutions.
Growing hardware purchasing problems (lead time, price fluctuations) don’t help either….
Post-Quantum Technology Race Begins – With US President Joe Biden’s signing of HR 7535, the “Quantum Computing Cybersecurity Preparedness Act,” the work to include in the IT security strategy of US institutions and corporations, cryptographic technologies resistant to the computing capabilities of quantum computers becomes official.
NIST has selected 4 algorithms to be recommended as quantum computing resistant in 2022: https://www.darkreading.com/emerging-tech/nist-picks-four-quantum-resistant-cryptographic-algorithms
Quantum Computing Cybersecurity Preparedness Act obliges key institutions of the U.S. economy to select and begin implementing an algorithm in 2023.
Attacks continue to intensify, and in 2023, ransomware is leading the way…
– ransomware as still the undisputed leader, and the main channel of spread will be email (with an attachment, or a link to a page).
– We can expect an increase in smishing – that is, phishing using SMS. The reason is simple – we are less vigilant using smartphones.
– Owners of social media/e-mail accounts without an active MFA – will face a wave of account take-overs.
AI will experience a “renaissance,” thanks to ChatGPT. So far, every vendor has had “some” mechanism in the AI/ML range (we write that because at this point AI is an extremely well-trained ML mechanism). The initial hype over the use of AI capabilities has subsided and has been given the “marketing slogan” patch. Nevertheless, the introduction of ChatGPT, along with cases of AI creating malware-type code, will bring artificial intelligence back into the discussion in the context of cyber security. Maybe not necessarily as a feature of your security software…. but a potential adversary.
The above predictions are the results of our conversations with customers, going through tons of materials from manufacturers and independent organizations, and…. our instinct for IT security. If the topics listed are in your area of interest…. we would be happy to exchange insights!